inc/modules/guest/what-sponsor_login.php

   1 <?php
   2 /************************************************************************
   3  * Mailer v0.2.1-FINAL                                Start: 06/10/2005 *
   4  * ===================                          Last change: 05/18/2008 *
   5  *                                                                      *
   6  * -------------------------------------------------------------------- *
   7  * File              : what-sponsor_login.php                           *
   8  * -------------------------------------------------------------------- *
   9  * Short description : Login form and password resending for sponsor    *
  10  * -------------------------------------------------------------------- *
  11  * Kurzbeschreibung  : Loginformular und Neues Passwort fuer Sponsor    *
  12  * -------------------------------------------------------------------- *
  13  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
  14  * Copyright (c) 2009 - 2016 by Mailer Developer Team                   *
  15  * For more information visit: http://mxchange.org                      *
  16  *                                                                      *
  17  * This program is free software; you can redistribute it and/or modify *
  18  * it under the terms of the GNU General Public License as published by *
  19  * the Free Software Foundation; either version 2 of the License, or    *
  20  * (at your option) any later version.                                  *
  21  *                                                                      *
  22  * This program is distributed in the hope that it will be useful,      *
  23  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
  24  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
  25  * GNU General Public License for more details.                         *
  26  *                                                                      *
  27  * You should have received a copy of the GNU General Public License    *
  28  * along with this program; if not, write to the Free Software          *
  29  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
  30  * MA  02110-1301  USA                                                  *
  31  ************************************************************************/
  32
  33 // Some security stuff...
  34 if (!defined('__SECURITY')) {
  35         exit();
  36 } // END - if
  37
  38 // Add description as navigation point
  39 addYouAreHereLink('guest', __FILE__);
  40
  41 if ((!isExtensionActive('sponsor'))) {
  42         displayMessage('{%pipe,generateExtensionInactiveNotInstalledMessage=sponsor%}');
  43         return;
  44 } elseif (isSponsor()) {
  45         // Is already a logged-in sponsor
  46         redirectToUrl('modules.php?module=sponsor');
  47 }
  48
  49 $mode = '';
  50 if (isGetRequestElementSet('do')) {
  51         // A "special" mode of the login system was requested
  52         switch (getRequestElement('do')) {
  53                 case 'activate' : $mode = 'activate';  break; // Activation link requested
  54                 case 'lost_pass': $mode = 'lost_pass'; break; // Request new password
  55         } // END - switch
  56 } // END - if
  57
  58 // Check if hash for confirmation of email address is given...
  59 if (isGetRequestElementSet('hash')) {
  60         // Lookup sponsor
  61         $result = sqlQueryEscaped("SELECT
  62         `id`, `status`, `gender`, `surname`, `family`,
  63         `company`, `position`, `tax_ident`,
  64         `street_nr1`, `street_nr2`, `country`, `zip`, `city`, `email`, `phone`, `fax`, `cell`,
  65         `points_amount` AS `points`, `last_payment`, `last_currency`
  66 FROM
  67         `{?_MYSQL_PREFIX?}_sponsor_data`
  68 WHERE
  69         `hash`='%s' AND (
  70                 `status`='UNCONFIRMED' OR
  71                 `status`='EMAIL'
  72         )
  73 LIMIT 1", array(getRequestElement('hash')), __FILE__, __LINE__);
  74         if (sqlNumRows($result) == 1) {
  75                 // Sponsor found, load his data...
  76                 $data = sqlFetchArray($result);
  77
  78                 // Unconfirmed account or changed email address?
  79                 if ($data['status'] == 'UNCONFIRMED') {
  80                         // Set account to pending
  81                         sqlQueryEscaped("UPDATE
  82         `{?_MYSQL_PREFIX?}_sponsor_data`
  83 SET
  84         `status`='PENDING',
  85         `hash`=NULL
  86 WHERE
  87         `id`=%s AND
  88         `hash`='%s' AND
  89         `status`='UNCONFIRMED'
  90 LIMIT 1",
  91                                 array(
  92                                         bigintval($data['id']),
  93                                         getRequestElement('hash')
  94                                 ), __FILE__, __LINE__);
  95
  96                         // Check on success
  97                         if (!ifSqlHasZeroAffectedRows()) {
  98                                 // Prepare mail and send it to the sponsor
  99                                 $message = loadEmailTemplate('sponsor_pending', $data);
 100                                 sendEmail($data['email'], '{--SPONSOR_ACCOUNT_PENDING_SUBJECT--}', $message);
 101
 102                                 // Send email to admin
 103                                 sendAdminNotification('{--ADMIN_NEW_SPONSOR--}', 'admin_sponsor_pending', $data);
 104
 105                                 // Sponsor account set to pending
 106                                 displayMessage('{--SPONSOR_ACCOUNT_IS_PENDING--}');
 107                         } else {
 108                                 // Could not unlock account!
 109                                 displayMessage('{--SPONSOR_ACCOUNT_PENDING_FAILED--}');
 110                         }
 111                 } elseif ($data['status'] == 'EMAIL') {
 112                         // Changed email adress need to be confirmed
 113                         sqlQueryEscaped("UPDATE
 114         `{?_MYSQL_PREFIX?}_sponsor_data`
 115 SET
 116         `status`='CONFIRMED',
 117         `hash`=NULL
 118 WHERE
 119         `id`=%s AND
 120         `hash`='%s' AND
 121         `status`='EMAIL'
 122 LIMIT 1",
 123                                 array(bigintval($data['id']), getRequestElement('hash')), __FILE__, __LINE__);
 124
 125                         // Check on success
 126                         if (!ifSqlHasZeroAffectedRows()) {
 127                                 // Sponsor account is unlocked again
 128                                 displayMessage('{--SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN--}');
 129                         } else {
 130                                 // Could not unlock account!
 131                                 displayMessage('{--SPONSOR_ACCOUNT_EMAIL_FAILED--}');
 132                         }
 133                 } else {
 134                         // ??? Other status?
 135                         displayMessage('{--SPONSOR_ACCOUNT_STATUS_FAILED--}');
 136                 }
 137         } else {
 138                 // No sponsor found
 139                 displayMessage('{%message,SPONSOR_ACCOUNT_404=' . getRequestElement('hash') . '%}');
 140         }
 141
 142         // Free memory
 143         sqlFreeResult($result);
 144 } elseif ($mode == 'activate') {
 145         // Send activation link again
 146         if (isFormSent('login')) {
 147                 // Check submitted data
 148                 if (!isPostRequestElementSet('email')) unsetPostRequestElement('login');
 149         }
 150
 151         if (isFormSent('login')) {
 152                 // Check email
 153                 $result = sqlQueryEscaped("SELECT
 154         `id`,
 155         `hash`,
 156         `status`,
 157         `remote_addr`,
 158         `gender`,
 159         `surname`,
 160         `family`,
 161         UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
 162 FROM
 163         `{?_MYSQL_PREFIX?}_sponsor_data`
 164 WHERE
 165         '%s' REGEXP `email` AND
 166         (`status`='UNCONFIRMED' OR `status`='EMAIL')
 167 LIMIT 1",
 168                 array(postRequestElement('email')), __FILE__, __LINE__);
 169
 170                 // Entry found?
 171                 if (sqlNumRows($result) == 1) {
 172                         // Unconfirmed sponsor account found so let's load the requested data
 173                         $data = sqlFetchArray($result);
 174
 175                         // Translate some data
 176                         $data['sponsor_created'] = generateDateTime($data['sponsor_created']);
 177
 178                         // Prepare email and send it to the sponsor
 179                         if ($data['status'] == 'UNCONFIRMED') {
 180                                 // Unconfirmed accounts
 181                                 $message_sponsor = loadEmailTemplate('sponsor_activate', $data);
 182                         } else {
 183                                 // Confirmed email address
 184                                 $message_sponsor = loadEmailTemplate('sponsor_email', $data);
 185                         }
 186                         sendEmail(postRequestElement('email'), '{--SPONSOR_ACTIVATION_LINK_SUBJECT--}', $message_sponsor);
 187
 188                         // Output message
 189                         displayMessage('{--SPONSOR_ACTIVATION_LINK_SENT--}');
 190                 } else {
 191                         // No account found or not UNCONFIRMED
 192                         displayMessage('{--SPONSOR_ACTIVATION_LINK_404--}');
 193                 }
 194
 195                 // Free memory
 196                 sqlFreeResult($result);
 197         } else {
 198                 // Load form
 199                 loadTemplate('guest_sponsor_activate');
 200         }
 201 } elseif ($mode == 'lost_pass') {
 202         // Send new password
 203         if (isFormSent('login')) {
 204                 // Check submitted data
 205                 if (!isPostRequestElementSet('email')) unsetPostRequestElement('login');
 206         } // END - if
 207
 208         if (isFormSent('login')) {
 209                 // Check email
 210                 $result = sqlQueryEscaped("SELECT
 211         `id`,
 212         `hash`,
 213         `remote_addr`,
 214         `gender`,
 215         `surname`,
 216         `family`,
 217         UNIX_TIMESTAMP(`sponsor_created`) AS `sponsor_created`
 218 FROM
 219         `{?_MYSQL_PREFIX?}_sponsor_data`
 220 WHERE
 221         '%s' REGEXP `email` AND
 222         `id`=%s AND
 223         `status`='CONFIRMED'
 224 LIMIT 1",
 225                 array(postRequestElement('email'), bigintval(postRequestElement('id'))), __FILE__, __LINE__);
 226
 227                 // Entry found?
 228                 if (sqlNumRows($result) == 1) {
 229                         // Unconfirmed sponsor account found so let's load the requested data
 230                         $content = sqlFetchArray($result);
 231
 232                         // Generate password/translate some data
 233                         $content['password']        = generatePassword();
 234                         $content['sponsor_created'] = generateDateTime($content['sponsor_created']);
 235
 236                         // Prepare email and send it to the sponsor
 237                         $message_sponsor = loadEmailTemplate('sponsor_lost', $content);
 238                         sendEmail(postRequestElement('email'), '{--SPONSOR_LOST_PASSWORD_SUBJECT--}', $message_sponsor);
 239
 240                         // Update password
 241                         sqlQueryEscaped("UPDATE
 242         `{?_MYSQL_PREFIX?}_sponsor_data`
 243 SET
 244         `password`='%s'
 245 WHERE
 246         `id`=%s
 247 LIMIT 1",
 248                                 array(md5($content['password']), bigintval($content['id'])), __FILE__, __LINE__);
 249
 250                         // Output message
 251                         displayMessage('{--SPONSOR_LOST_PASSWORD_SENT--}');
 252                 } else {
 253                         // No account found or not UNCONFIRMED
 254                         displayMessage('{--SPONSOR_LOST_PASSWORD_404--}');
 255                 }
 256
 257                 // Free memory
 258                 sqlFreeResult($result);
 259         } else {
 260                 // Load form
 261                 loadTemplate('guest_sponsor_lost');
 262         }
 263 } elseif (isFormSent('login')) {
 264         // Check status and login data ...
 265         $result = sqlQueryEscaped("SELECT
 266         `status`
 267 FROM
 268         `{?_MYSQL_PREFIX?}_sponsor_data`
 269 WHERE
 270         `id`=%s AND
 271         `password`='%s'
 272 LIMIT 1",
 273         array(
 274                 bigintval(postRequestElement('sponsor_id')),
 275                 md5(postRequestElement('password'))
 276         ), __FILE__, __LINE__);
 277
 278         if (sqlNumRows($result) == 1) {
 279                 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
 280                 list($status) = sqlFetchRow($result);
 281                 if ($status == 'CONFIRMED') {
 282                         // Is confirmed so both is fine and we can continue with login procedure
 283                         $login = ((setSession('sponsor_id'  , bigintval(postRequestElement('sponsor_id')))) &&
 284                         (setSession('sponsor_pass', md5(postRequestElement('password'))           ))
 285                         );
 286
 287                         if ($login === TRUE) {
 288                                 // Cookie setup successfull so we can forward to sponsor area
 289                                 redirectToUrl('modules.php?module=sponsor');
 290                         } else {
 291                                 // Cookie setup failed!
 292                                 displayMessage('{--SPONSOR_COOKIE_SETUP_FAILED--}');
 293
 294                                 // Login formular and other links
 295                                 loadTemplate('guest_sponsor_login');
 296                         }
 297                 } else {
 298                         // Status is not fine
 299                         displayMessage('{--SPONSOR_LOGIN_FAILED_' . strtoupper($status) . '--}');
 300
 301                         // Login formular and other links
 302                         loadTemplate('guest_sponsor_login');
 303                 }
 304         } else {
 305                 // Account missing or wrong pass! We shall not find this out for the "cracker folks"...
 306                 displayMessage('{--SPONSOR_LOGIN_FAILED_404_WRONG_PASS--}');
 307
 308                 // Login formular and other links
 309                 loadTemplate('guest_sponsor_login');
 310         }
 311
 312         // Free memory
 313         sqlFreeResult($result);
 314 } else {
 315         // Login formular and other links
 316         loadTemplate('guest_sponsor_login');
 317 }
 318
 319 // [EOF]
 320 ?>